Skip to content

config: incorrect parsing of the `ProxyCommand` configuration option

Hello,

It seems like there are two problems when parsing the ProxyCommand option in configuration files.

When using a configuration like this:

Host myHost
  ProxyCommand "command" arg

The ProxyCommand which ends up being run is command (without quotes) and not "command" arg.

This looks like two different problems when using a command that starts with ":

  • only the first token (until the closing ") is parsed
  • the quotes are removed from the string

For the first one, it is said in the part of the ssh_config manual page that describes ProxyCommand that the command string extends to the end of the line.

Concerning the second problem, I believe " should not be treated as a special case and the " should not be removed from the command string because it would break if the command had spaces because "/bin/with spaces" would be executed as a command /bin/with with an argument spaces which is not the expected behavior.

Both problems come from the ssh_config_get_cmd function call in ssh_config_parse_line which only returns the first token of the line when the first non-blank character is a " and removes the quoting.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information